Information Resource and Security Requirements Sample Clauses

The Information Resource and Security Requirements clause establishes the standards and obligations for protecting information resources and maintaining data security within an organization or between contracting parties. It typically outlines the technical and procedural safeguards that must be implemented, such as access controls, encryption, and regular security assessments, and may specify compliance with relevant laws or industry standards. By clearly defining these requirements, the clause helps prevent unauthorized access, data breaches, and misuse of sensitive information, thereby reducing risk and ensuring the integrity and confidentiality of critical data assets.
Information Resource and Security Requirements. ‌ 3.1 Information Security Safeguards (a) Contractor shall implement appropriate administrative, physical, and technical safeguards, in accordance with TxDOT’s security requirements, that reasonably and appropriately protects the confidentiality, integrity, and availability of TxDOT Data. (b) Contractor shall conform its policies and procedures relating to the implementation of security safeguards to comply with TxDOT's Information Resources security program pursuant to the current version of the TxDOT Information Security Control Baseline Standard and any applicable regulated security requirements. (1) Systems with Public data must be compliant with the low security baseline, (2) Systems with Sensitive data must be compliant with the low security baseline and the sensitive overlay, and‌ (3) Systems with Confidential data must be compliant with the moderate security baseline. (4) Systems that TxDOT designates as having the potential to cause death if the integrity or availability of the system is compromised must be compliant with the high security baseline. The TxDOT Information Security Control Baseline Standard can be obtained by emailing a request to ▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇.
View Source
Information Resource and Security Requirements 
View SourceView Similar (4)

Related to Information Resource and Security Requirements

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended. 13 A. DEFINITIONS

  • Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.